CVE-2021-25148

A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point IAP products in versions: Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.4 and below. Aruba h...

CVE-2020-14004

An issue was discovered in Icinga2 before v2.12.0-rc1. The prepare-dirs script run as part of the icinga2 systemd service executes chmod 2750 /run/icinga2/cmd. /run/icinga2 is under control of an unprivileged user by default. If /run/icinga2/cmd is a symlink, then it will by followed and arbitrar...

CVE-2020-10263

An issue was discovered on XIAOMI XIAOAI speaker Pro LX06 1.52.4. Attackers can get root shell by accessing the UART interface and then they can i read Wi-Fi SSID or password, ii read the dialogue text files between users and XIAOMI XIAOAI speaker Pro LX06, iii use Text-To-Speech tools pretend...

CVE-2020-27383

Battle.net.exe in Battle.Net 1.27.1.12428 suffers from an elevation of privileges vulnerability which can be used by an "Authenticated User" to modify the existing executable file with a binary of his choice. The vulnerability exist due to weak set of permissions being granted to the "Authenticat...

CVE-2020-20907

MetInfo 7.0 beta is affected by a file modification vulnerability. Attackers can delete and modify ini files in app/system/language/admin/languagegeneral.class.php and app/system/include/function/file.func.php...

CVE-2020-15388

A vulnerability in the Brocade Fabric OS before Brocade Fabric OS v9.0.1a, v8.2.3, v8.2.0CBN4, and v7.4.2h could allow an authenticated CLI user to abuse the history command to write arbitrary content to files...

CVE-2020-10118

cPanel before 84.0.20 allows a demo account to modify files via Branding API calls SEC-543...

CVE-2020-18121

A configuration issue in Indexhibit 2.1.5 allows authenticated attackers to modify .php files, leading to getshell...

CVE-2020-20698

A remote code execution RCE vulnerability in /1.com.php of S-CMS PHP v3.0 allows attackers to getshell via modification of a PHP file...

CVE-2020-8258

Improper privilege management on services run by Citrix Gateway Plug-in for Windows, versions before and including 13.0-61.48 and 12.1-58.15, allows an attacker to modify arbitrary files...

CVE-2020-7583

A vulnerability has been identified in Automation License Manager 5 All versions, Automation License Manager 6 All versions V6.0.8. The application does not properly validate the users' privileges when executing some operations, which could allow a user with low permissions to arbitrary modify...

CVE-2025-48017

Improper limitation of pathname in Circuit Provisioning and File Import applications allows modification and uploading of files...

CVE-2012-5879

An ActiveX control in McHealthCheck.dll in McAfee Virtual Technician MVT and ePO-MVT 6.5.0.2101 and earlier allows remote attackers to modify or create arbitrary files via a full pathname argument to the Save method...

CVE-2019-19699

There is Authenticated remote code execution in Centreon Infrastructure Monitoring Software through 19.10 via Pollers misconfiguration, leading to system compromise via apache crontab misconfiguration, This allows the apache user to modify an executable file executed by root at 22:30 every day. T...

CVE-2018-20888

cPanel before 74.0.0 allows file modification in the context of the root account because of incorrect HTTP authentication SEC-424...

CVE-2019-19695

A privilege escalation vulnerability in Trend Micro Antivirus for Mac 2019 v9.0.1379 and below could potentially allow an attacker to create a symbolic link to a target file and modify it...

CVE-2017-14610

bareos-dir, bareos-fd, and bareos-sd in bareos-core in Bareos 16.2.6 and earlier create a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root scrip...

CVE-2018-15906

SolarWinds Serv-U FTP Server 15.1.6 allows remote authenticated users to execute arbitrary code by leveraging the Import feature and modifying a CSV file...

CVE-2018-20605

imcat 4.4 allows remote attackers to execute arbitrary PHP code by using root/run/adm.php to modify the boot/bootskip.php file...

CVE-2011-4044

An unspecified ActiveX control in SVUIGrd.ocx in ARC Informatique PcVue 6.0 through 10.0, FrontVue, and PlantVue allows remote attackers to modify files via calls to unknown methods...